Unless you've been hiding under a rock these last few weeks, you cannot help but have heard about a flurry of thefts which put literally MILLIONS OF INDIVIDUALS at risk of having their identities stolen or otherwise compromised. This raises two obvious questions:
- How could this have happened?
- How could it have been avoided?
The answer to the first question, as it happens, is quite simple. In these recently reported cases, the loss of data had nothing to do with the activities of a sophisticated hacker who broke into some server, poorly secured by some hapless (and now unemployed) systems administrator. It didn't even happen because some careless (and now unemployed) worker left a desktop system logged in.
In each case, the loss of data was attributed to a common burglar who broke into a home, office, or automobile and stole a laptop computer -- they undoubtedly had no idea that the data would have been worth many tens of thousands of dollars to some. More likely than not, these thieves were looking for something worth a few hundred dollars at the nearest pawn shop so they could feed their family (or get their next 'fix').
In truth, these are probably low-risk losses of data. However, had the thieves understood the value of the data present on those laptop computers, the extent of the damages to the individuals named and the sheer magnitude of the lawsuits that would result could have extended into the hundreds of millions of dollars.
The answer to the second question is even simpler:
Don't ever leave sensitive data on ANY mobile device because such devices are too easily lost or stolen.
Policies, policies, policies! Don't forget the importance of policies built around obvious (and not so obvious) rules and easy-to-remember guidelines.
Sensitive data belongs on servers and nowhere else! You don't need to have a locked-down machine room to protect sensitive data. But, if you work in Education IT, you certainly do have sensitive information which needs to be protected. More likely than not, you also have a technically-challenged administration which either takes draconian but ineffective measures to protect data or has no concept at all of the risks of carrying sensitive data around -- be it printed on a stack of paper or stored on a laptop computer.
So how do your mobile professionals (or those gadget-happy administrators) do their jobs when they are not sitting at their desk at work if they cannot access their data?
There is, of course, a simple solution. I am working on this blog from the laptop at my home, even though the ZDNet server I am using is 2,000 miles away, in California -- or perhaps it is 12,000 miles away in Bangalore -- I just don't know! The Internet permits your administrators to access the data they need via password-protected web-based applications. These applications are easily secured, and by establishing policies that forbid the caching of passwords or the storage of sensitive data on your users' mobile devices, you can mitigate all the risks associated with the loss or theft of these devices.